This post may contain affiliate links and Corporette® may earn commissions for purchases made through links in this post. As an Amazon Associate, I earn from qualifying purchases.
Millions of people (unfortunately, not an exaggeration) are wondering what many Corporette® readers are also wondering: how to protect their credit after the Equifax data breach. On September 7, Equifax revealed that hackers may have exposed Social Security numbers, credit card numbers, birthdates, addresses, driver's license numbers, website security questions/answers, etc., for up to 143 million people — a “breath-taking amount of highly sensitive data [handed] over to criminals,” as Ars Technica put it.
We've seen some contradictory information online — and the sheer amount of advice out there is overwhelming — so we thought we'd round up some expert advice in a post. Readers, what steps have you taken to protect your credit after the breach? Have you used any services or had any success in freezing your credit? If you've written to government officials about changing the laws, share your script!
Here are the latest recommendations for how to protect your credit:
1. Visit www.equifaxsecurity2017.com to check if you're at risk. Since announcing the site, Equifax has clarified that checking your status (and enrolling in TrustedID Premier, its free credit file monitoring and identity theft protection service), “does not waive any rights to take legal action.” So, after clicking on “Potential Impact,” enter your last name and the last six digits of your SSN. From there, you'll get information on enrolling, including the date you can register. (You must do so by November 21). You won't need to enter your credit card number, so you don't have to worry about automatically being charged for the following year's fee once the free year is up.
Note: Checking your status may not be as useful as it seems. ZDNet and Krebs on Security, among other outlets, have reported that people have entered fake information and still gotten an answer, while others have received different answers on various tries, or on a smartphone vs. a computer. I also felt nervous entering six (not just four) digits of my SSN on Equifax's site, but my SSN is probably already out there, so there's that.
That said, in case you're interested in Equifax's TrustedID service, here's what it does:
- Gives you copies of your Equifax credit report.
- Provides monitoring of your Equifax, Experian, and TransUnion credit reports.
- Allows you to lock lenders' access to your Equifax credit report. (When you want to apply for new credit, it may take 24–48 hours for Equifax to unlock it.)
- Scans the internet for your Social Security number.
- Provides identity theft insurance.
Of course, you might stop to consider whether you feel comfortable trusting Equifax with these responsibilities, considering the massive breach that took place on their watch…
Psst: here are our favorite books for financial newbies…
These are some of our latest favorite financial books for beginners:
2. Freeze your credit through the three credit reporting bureaus. (The New York Times also suggested freezing your credit with Innovis.) A credit freeze doesn't stop someone from charging anything to your existing accounts, but it does make it more difficult for anyone to use your name to open new accounts. Freezing your credit prevents third parties from accessing your credit file (unless it's a company you already do business with, such as your mortgage lender) until you remove the freeze, either temporarily or permanently.
Yesterday, Equifax announced that for 30 days it will waive its fees to freeze credit files — but only after many people complained. For information on how you may be charged for a credit freeze (outside of this specific situation), check this updated chart of state credit-freeze laws. (It usually costs $5–$10.)
3. If you don't want to freeze your credit (even though identity-theft experts recommend doing so), place a fraud alert on your credit files. Creditors will be notified that you are a potential victim of identity theft and will take care to verify your identity by contacting you directly before they open a loan or establish other credit in your name. A fraud alert lasts 90 days, but you can extend it. In an article at Bankrate, Robert Siciliano, CEO of IDTheftSecurity.com, said, “Everyone should assume their information has been compromised,” either through this data breach or those that have affected other companies — so at the very least, you should request these alerts.
4. Keep an eye on your credit report, bank accounts, and credit card, as well as email and snail mail. Remember, you can access your credit report for free every 12 months from Equifax, Experian, and TransUnion by visiting www.annualcreditreport.com. (You should get your credit reports from this site only — not from one of its imitators — and make sure to type in the URL in your browser rather than click a link from another site or an email. To be extra careful, that's a smart thing to do for any financial site.)
Some credit cards offer quick, free access to your FICO score, so check if yours is one of them. Another strategy: Even before the Equifax breach, I set up text alerts for one of my credit cards — every time my card is used to pay for something when I'm not there in person, I get a notification. Also, don't wait until April 18, 2018, to file your 2017 taxes — do so as soon as you receive the documents and information you need. That way, you can get ahead of any potential scammers who plan to use your SSN to get a refund.
5. Do your research before signing up for a non-Equifax credit monitoring or identify monitoring service. (Of course, unlike with TrustedID, you'll have to pay.) This may be a subject for a separate post, so for now, here's some info from other sites: The Simple Dollar reviewed what it says are the best three services, IdentityForce, LifeLock, and ID Watchdog, while some in the know have said this kind of protection isn't really worth the money, considering the free monitoring you can do on your own (see: The Motley Fool, Time, Wired).
Have you been wondering how to protect your credit after the Equifax data breach? Have you checked whether your personal information may have been compromised, and have you decided whether or not to freeze your credit and/or enroll in Equifax's free service? Have you been a victim of identity theft in the past? What were the consequences, and how did you handle it?
Psst: in honor of the original title for our money series, Tales from the Wallet… here's a wallet!
Further Reading:
- CNN has fact-checked six common rumors about the security breach.
- Los Angeles Times reporter Michael Hiltzik wrote a column called, “Here are all the ways the Equifax data breach is worse than you can imagine,” that points out some aspects of the breach you might not know about. (Ignore the outdated portion that says those who enroll in TrustedID won't be able to sue.)
- A very thorough NYT column by Ron Lieber offers a lot of valuable information and includes questions he's asked Equifax that have yet to be answered.
AIMS
I know this isn’t the answer, but this really just makes me want to stick my head in the sand. My plan is to freeze accounts and place fraud alerts (which I should renew after 90 days?) but man can I sympathize with people who are just going to ignore this and pretend it’s not happening.
emeralds
Ugh same. I keep procrastinating about dealing with it.
Anon
I was one of those affected and a spam email went out under my name over the weekend. Those events probably aren’t connected, right? I hope? On Sunday evening I froze my credit reports…
Green Hat
Not likely. Change your email password. It doesn’t necessarily mean that your email was hacked – someone could have found your name and/or email and spoofed your email address. But it’s a good idea nonetheless.
NYNY
This is maddening, because our most sensitive financial data was breached by a company with which the majority of us did not choose to do business.
Why do credit reporting agencies not have the equivalent of HIPAA? Also curious about the credit card information included in the breach: Does PCI compliance apply?
Anon
I think any time you sign up for credit, you sign an ok on credit reporting.
Anonymous
Also HIPAA doesn’t cover hacks…
NYNY
HIPAA does cover hacks. The top 3 breaches listed on the current OCR “Hall Of Shame” are all hacking incidents.
Anonymous
this is also maddening because i feel as though there is no way to actually know if i was impacted. i am uncomfortable providing my last name and SSN through the site. But I did enter “Smith” with 123456 and 987654, and both of those “people” were impacted and prompted to enroll. So, I feel like whatever combination of numbers you enter into that site will generate a response that you were impacted. Has anyone tried it with actual data and been informed that they were not impacted?
Anonymous
Yes, I checked for three family members and myself, and received “no impact” responses for two. Maybe the website’s default response is to say you are potentially impacted unless Equifax can confirm that your data was not affected.
MKB
My husband and I just did the freezes, and it took forever because apparently everyone else is also trying to freeze their reports. We both had different agencies’ sites crash while we were trying to do it, and one of his ended up in some weird limbo where I guess he’ll need to send them a certified letter.
Still, worth it for the piece of mind (and we just refinanced our mortgage, so I think we’re done with things that need a credit check for a while).
Maria
I added a fraud alert since I’m planning to buy a car soon. It took several tries to complete it online. I thought about doing a freeze, but the thought of paying Equifax to freeze my account doesn’t appeal to me. I suspect this will be free in the near future. I also got LifeLock Ultimate Plus.